A huge data breach in March 2019 exposed the personal information of more than 100 million Capital One customers. As a result, the financial powerhouse has agreed to a proposed $190 million settlement that will receive final approval next week.
Plaintiffs in a class action lawsuit filed after the breach assert that a hacker could not have accessed Capital One’s Amazon-hosted cloud computing systems if proper protections had been in place. Capital One “knew about the particular security vulnerabilities that allowed the data breach, but still couldn’t” protect customers, according to its complaint, putting millions at risk of fraud and identity theft.
Capital One did not respond to a request for comment. The company denied wrongdoing but, in a December 2021 statement, said it agreed to the $190 million payment, “in order to avoid the time, expense and uncertainty of ongoing litigation.”
The US District Court for the Eastern District of Virginia granted preliminary approval for the settlement on January 31, 2022. At that time, prospective class members had until August 22 to file a claim.
But that deadline has now been extended to the end of September.
Here’s what you need to know about the Capital One data breach settlement, including how to find out if you’re eligible for a payment, how much money you could receive, and the new deadline to file a claim.
For More Information About Class Action CasesFind out if you’re eligible for money from T-Mobile’s $350 million data breach case, Apple’s $14.8 million iCloud storage settlement, or Facebook’s $90 million data tracking payment.
What happened in the Capital One data breach in 2019?
In one of the largest financial security breaches in US history, a hacker accessed the personal information of approximately 106 million Capital One customers and applicants in March 2019.
The massive hack went undiscovered for approximately four months before it was made public by Capital One in July 2019.
Seattle engineer Paige Thompson, a former Amazon cloud employee, was eventually arrested in connection with the case. In June, she was convicted of wire fraud and unauthorized access and damage to a protected computer.
Capital One said Thompson illegally gained access to personal information related to credit card applications dating between 2005 and early 2019 for personal and small business accounts.
“With some of his illegal access, he planted cryptocurrency mining software on new servers and the mining proceeds went to his online wallet,” the Justice Department said in a statement, adding that Thompson used an alias to brag. in social networks and online forums about the mastermind of the attack.
Thompson’s sentencing is scheduled for September 15.
In addition to the $180 million class action lawsuit, Capital One was fined $80 million and agreed to improve its cloud security standards.
Capital One said it immediately fixed its servers’ vulnerability to forged requests when it became aware of the breach.
What was exposed in the Capital One hack?
Capital One said about 140,000 social security numbers and 80,000 US bank account numbers were exposed, as well as dates of birth, addresses, phone numbers, credit balances, transactions and credit scores.
An additional 1 million Canadian credit card customers and applicants had their Social Security numbers stolen.
Thomas did not obtain login information or credit card account numbers, the bank said.
Who is eligible for the Capital One settlement payment?
Some 98 million applicants and cardholders are eligible to file a valid claim, according to Capital One, which said it sent letters and emails to members whose Social Security numbers or bank account numbers were exposed in the hack.
If you think you are eligible but did not receive a notice, please contact the settlement administrator at 855-604-1811 for assistance.
How much can I receive from the Capital One deal?
About 140,000 Social Security numbers and 80,000 Capital One account numbers were exposed, along with dates of birth, addresses, phone numbers, credit balances, bank transactions and credit scores.
Heather Shimmin/Getty Images
Class Members may collect up to $25,000 in cash for lost time and out-of-pocket expenses related to the violation, including unreimbursed fraud charges, money spent on identity theft prevention, and professional services fees data security.
You can claim up to 15 hours of lost time spent resolving the problem, at a rate of at least $25 per hour.
The deal also provides three years of free identity protection services through Pango Group, including identity monitoring, lost wallet protection, security freeze capabilities, dark web monitoring, free account restoration, and $1 million in insurance against fraud and identity theft.
How do I file a claim in a Capital One data breach case?
You can apply online at the class action settlement website. You’ll need the unique ID and PIN printed on the notice you received from Capital One in the mail or by email, along with detailed documentation, including receipts, bank statements, canceled checks and bills. (If you missed your notice or never received it, contact the settlement administrator at 855-604-1811.)
You may also print a paper claim form and mail it, along with any supporting documentation, to the settlement administrator at:
Capital One data breach
Agreement Administrator
post office box 4518
Portland, Oregon 97208–4518
When is the deadline to file a claim?
The original deadline to file a valid claim in the Capital One case was August 22, but that deadline has been extended to September 30, 2022.
The deadline for opting out of the settlement in order to retain the right to pursue separate legal action expired on July 7.
When will class members receive their payments?
A judge has given preliminary approval for the $180 million deal. A final approval hearing was initially scheduled for August 19, but was rescheduled for September 8.
Assuming the settlement receives final approval and there are no appeals, the checks could be sent soon after. We will keep you updated as new information becomes available.
